1. 需求描述

? ICP備案是指網(wǎng)站在信息產(chǎn)業(yè)部提交網(wǎng)站信息進(jìn)行官方認(rèn)可。對(duì)國(guó)內(nèi)各大小網(wǎng)站（包括企業(yè)及個(gè)人站點(diǎn)）的嚴(yán)格審查工作，對(duì)于沒(méi)有合法備案的非經(jīng)營(yíng)性網(wǎng)站或沒(méi)有取得ICP許可證的經(jīng)營(yíng)性網(wǎng)站， 根據(jù)網(wǎng)站性質(zhì)，將予以罰款，嚴(yán)重的關(guān)閉網(wǎng)站，以此規(guī)范網(wǎng)絡(luò)安全，打擊一切利用網(wǎng)絡(luò)資源進(jìn)行不法活動(dòng)的犯罪行為。

? 可以通過(guò)工信部政務(wù)服務(wù)平臺(tái)-ICP/IP地址/域名信息備案管理系統(tǒng)查詢(xún)ICP備案信息， 如下圖

ICP備案信息查詢(xún)

頁(yè)面展示了ICP備案主體信息和ICP備案網(wǎng)站信息， 我們嘗試采集該頁(yè)面數(shù)據(jù)。

• 目標(biāo)網(wǎng)站

  https://beian.miit.gov.cn/#/Integrated/recordQuery

• 調(diào)研日期
  2020-11-30

• 難點(diǎn)分析

  該網(wǎng)站需要經(jīng)過(guò)滑塊驗(yàn)證才能查詢(xún)，需要嘗試破解該滑塊

查詢(xún)時(shí)滑塊驗(yàn)證

2. 抓包分析

1. 獲取滑塊配置信息

   鏈接：https://hlwicpfwc.miit.gov.cn/icpproject_query/api/image/getCheckImage

   請(qǐng)求信息：

   
   
   getCheckImage頁(yè)面請(qǐng)求
   
   

   返回信息(由于返回的內(nèi)容過(guò)長(zhǎng)，這里提供截圖)：

   
   
   getCheckImage結(jié)果
   • 該鏈接請(qǐng)求頭有個(gè)token參數(shù)，看著像一個(gè)加密的字符串，先記錄下。

2. 驗(yàn)證滑塊結(jié)果

   鏈接：https://hlwicpfwc.miit.gov.cn/icpproject_query/api/image/checkImage

   請(qǐng)求信息：

   
   
   /checkImage頁(yè)面驗(yàn)證滑塊結(jié)果

   返回內(nèi)容：

     {"code":200,"msg":"操作成功","params":"eyJ0eXBlIjozLCJleHREYXRhIjp7InZhZnljb2RlX2ltYWdlX2tleSI6ImJjNjUxNWU0LTNlZDUtNGMxMy05MDU4LTkzNDlmMjg3NTFiNyJ9LCJlIjoxNjA2ODA5MTk2NjI0fQ.gcJqYl2S9e995dStmYsKhh5dBcyWFIsZ0X-Y6t3Oo4o","success":true}```
   

   • 該請(qǐng)求的請(qǐng)求頭依然有token參數(shù)，且和鏈接1的請(qǐng)求頭中的值保持一致
   • 該請(qǐng)求的參數(shù)中，key的值，跟鏈接1返回結(jié)果的uuid一致，value值未知。
   • 這一步是用來(lái)驗(yàn)證滑塊的滑動(dòng)結(jié)果，按以往研究極驗(yàn)滑塊的經(jīng)驗(yàn)來(lái)看，這里應(yīng)該寫(xiě)入的有滑動(dòng)路徑參數(shù)，但是很明顯value不是路徑參數(shù)，跟路徑相關(guān)的，除了滑動(dòng)路徑外，很容易想到的是滑動(dòng)的長(zhǎng)度，猜測(cè)value的值為滑動(dòng)的距離，單位是'px'，當(dāng)然這個(gè)猜想稍后會(huì)進(jìn)行驗(yàn)證。
   • 正由于沒(méi)有像極驗(yàn)滑塊那種加入路徑參數(shù)，才讓這個(gè)破解難度大大的降低，也為后續(xù)繼續(xù)研究提供了動(dòng)力

3. 滑塊驗(yàn)證通過(guò)，獲取ICP信息

   鏈接：https://hlwicpfwc.miit.gov.cn/icpproject_query/api/icpAbbreviateInfo/queryByCondition

   請(qǐng)求信息：

   
   

返回結(jié)果：

 {"code":200,"msg":"操作成功","params":{"endRow":0,"firstPage":1,"hasNextPage":false,"hasPreviousPage":false,"isFirstPage":true,"isLastPage":true,"lastPage":1,"list":[{"contentTypeName":"","domain":"baidu.com","domainId":10000245113,"homeUrl":"www.baidu.com","leaderName":"","limitAccess":"否","mainId":282751,"mainLicence":"京ICP證030173號(hào)","natureName":"企業(yè)","serviceId":282911,"serviceLicence":"京ICP證030173號(hào)-1","serviceName":"百度","unitName":"北京百度網(wǎng)訊科技有限公司","updateRecordTime":"2020-11-13 09:30:49"}],"navigatePages":8,"navigatepageNums":[1],"nextPage":1,"pageNum":1,"pageSize":10,"pages":1,"prePage":1,"size":1,"startRow":0,"total":1},"success":true}

• 該請(qǐng)求的請(qǐng)求頭依然有token參數(shù)，且和前兩個(gè)鏈接請(qǐng)求頭的token值一致

• 請(qǐng)求頭多了sign參數(shù)，不難發(fā)現(xiàn)，該sign的值，正是第二步返回結(jié)果json中鍵params的值

• 請(qǐng)求頭中還多一個(gè)uuid參數(shù)，對(duì)比發(fā)現(xiàn)，正式鏈接1返回結(jié)果的uuid值

• 通過(guò)抓包分析，我們發(fā)現(xiàn)，整個(gè)過(guò)程就只有鏈接1請(qǐng)求頭中的參數(shù)token和鏈接2的請(qǐng)求參數(shù)value的值是未知的，其他的值均可以通過(guò)請(qǐng)求鏈接獲取，因此只需要研究token和value的生成，即可完成破解

3. token參數(shù)破解

• 嘗試全局搜索token關(guān)鍵字，看能否找到關(guān)鍵信息，搜索之后發(fā)現(xiàn)很多文件都有token關(guān)鍵字，經(jīng)過(guò)篩選，發(fā)現(xiàn)index.js中的代碼片段，太有價(jià)值了，結(jié)合注釋?zhuān)?jiǎn)直就是量身定做，哈哈

  
  

• 在index.js代碼的第66行出打上斷點(diǎn)

• 斷點(diǎn)打好之后，開(kāi)始逐步跟蹤調(diào)試即可，調(diào)試過(guò)程不再演示，我給出生成token的關(guān)鍵點(diǎn)，authapi.js 第22行

• 逐步調(diào)試發(fā)現(xiàn)，authKey的生成，采用md5加密，對(duì)應(yīng)utils.js的第33行

加密的字符串為 authAccount + authSecret + timeStamp = "testtest1606813754781"

加密后的結(jié)果為 "32a38d257a706642a79270011677a139"

我在調(diào)試的時(shí)候，跳過(guò)了加密過(guò)程的執(zhí)行，由于是md5加密，我考慮使用python的hashlib模塊對(duì)字串"testtest1606813754781"進(jìn)行md5加密，觀察其結(jié)果是否與js調(diào)試的結(jié)果一致

發(fā)現(xiàn)python結(jié)果和js調(diào)試的結(jié)果是一致的，后續(xù)我們?cè)谏蛇@個(gè)參數(shù)的時(shí)候，可以直接使用python腳本進(jìn)行執(zhí)行

• 繼續(xù)調(diào)試，是發(fā)送一個(gè)post請(qǐng)求，目標(biāo)鏈接為“https://hlwicpfwc.miit.gov.cn/icpproject_query/api/auth” ，傳入的參數(shù)為上面獲取到的authKey和時(shí)間戳參數(shù)timeStamp，獲取到的tokenData是一個(gè)json，tokenData.bussiness值即為我們要獲取的token值

該步調(diào)試的時(shí)候，會(huì)發(fā)現(xiàn)，token應(yīng)該有一個(gè)三分鐘的有效時(shí)間，每次請(qǐng)求的時(shí)候，js會(huì)先檢測(cè)當(dāng)前的token值是否已經(jīng)過(guò)期，如果過(guò)期則重新生成token

• 至此，我們通過(guò)js調(diào)試了解到了token的生成，費(fèi)那么大力氣，總結(jié)下來(lái)其實(shí)就兩步

  1. 使用md5加密字符串 "testtest"+timeStamp(當(dāng)前時(shí)間戳)，獲取authKey

  2. post方式請(qǐng)求鏈接https://hlwicpfwc.miit.gov.cn/icpproject_query/api/auth，參數(shù)為 authKey = authKey，timeStamp = timeStamp, 從結(jié)果中提取鍵 bussiness 的值即可

4. value分析

value參數(shù)，是在抓包分析第二步的時(shí)候需要寫(xiě)入的參數(shù)，開(kāi)始想通過(guò)全局搜索的方式搜索value來(lái)找到有價(jià)值的代碼段，但是搜索發(fā)現(xiàn)太多文件和代碼片段包含value關(guān)鍵字，此時(shí)換個(gè)思路，請(qǐng)求的鏈接為https://hlwicpfwc.miit.gov.cn/icpproject_query/api/image/checkImage，嘗試搜索checkImage關(guān)鍵字，看看會(huì)不會(huì)有什么發(fā)現(xiàn)

• 全局搜索checkImage關(guān)鍵字，只有兩個(gè)文件含有該關(guān)鍵字，分析發(fā)現(xiàn)，我們要研究的文件是 index.vue

• 點(diǎn)進(jìn)來(lái)，發(fā)現(xiàn)這段代碼剛好是我們研究的，post參數(shù)為 key: that.uuid和value: Math.round(that.puzzle * 1) + ""要知道value的值，我們需要知道that.puzzle的值，在該文件中搜索puzzle關(guān)鍵字，看能否找到puzzle的聲明和賦值的地方

• puzzle聲明在index.vue的第247行，其實(shí)從注釋?zhuān)覀儙缀跻呀?jīng)能確定puzzle鼠標(biāo)滑動(dòng)滑塊的距離了，為了更好地說(shuō)明，我們繼續(xù)搜索puzzle，找到其賦值的地方

• puzzle賦值，在index.vue的第669行，這段代碼無(wú)疑是證明了開(kāi)始的猜想，value的值為滑動(dòng)滑塊的長(zhǎng)度

• 分析發(fā)現(xiàn)，value為鼠標(biāo)滑動(dòng)滑塊的距離，為了能正確解鎖滑塊，很明顯，這個(gè)value的值，應(yīng)為滑動(dòng)驗(yàn)證碼的圖片缺口位置，為此，我們只需要獲取帶缺口的滑動(dòng)驗(yàn)證碼圖片，計(jì)算其缺口位置，就能對(duì)value進(jìn)行賦值了

5. 帶缺口的滑動(dòng)驗(yàn)證碼圖片獲取

抓包分析的第一步是獲取滑塊驗(yàn)證碼的配置信息，其返回值是一個(gè)json，記做res， 我們發(fā)現(xiàn)res.params 有鍵 "bigImage"，這很容聯(lián)想到，這個(gè)鍵對(duì)應(yīng)的值應(yīng)該為帶缺口的圖片地址，分析網(wǎng)絡(luò)請(qǐng)求也能發(fā)現(xiàn)，有個(gè)請(qǐng)求的縮略圖，很像是滑塊的大圖，對(duì)比其鏈接和 "bigImage"的值發(fā)現(xiàn)，請(qǐng)求的鏈接為“data:text/javascript;base64,”+res.params.bigImage

觀察其返回內(nèi)容，卻是一堆亂碼

明明該請(qǐng)求的縮略圖就是一個(gè)圖像啊，為啥這里卻反回一堆亂碼，很苦惱，沒(méi)有拿到預(yù)想的結(jié)果，此時(shí)，注意觀察，該請(qǐng)求下面的連續(xù)兩個(gè)請(qǐng)求，其縮略圖也是圖像，但是開(kāi)頭是以"data:Image/png;base64,“開(kāi)頭的，我嘗試點(diǎn)進(jìn)去一個(gè)鏈接，發(fā)現(xiàn)其返回的是一張圖片

那我想著是不是請(qǐng)求的鏈接由“data:text/javascript;base64,”+res.params.bigImage換成“data:Image/png;base64,”+res.params.bigImage就能獲取到圖片了？ 抱著試一試的態(tài)度，發(fā)現(xiàn)真的返回了圖片

我們還能通過(guò)同樣的方式獲取缺口圖片，對(duì)應(yīng)的鏈接為“data:Image/png;base64,”+res.params.smallImage

當(dāng)然，如果你知識(shí)和經(jīng)驗(yàn)足夠豐富的話(huà)，res.params.bigImage其實(shí)是對(duì)應(yīng)圖片的base64編碼，要將base64編碼轉(zhuǎn)回圖片，大概有兩種方式，一種就是前面提到的， 使用瀏覽器請(qǐng)求頁(yè)面“data:Image/png;base64,”+圖片base64編碼可獲取圖片，另外一種相對(duì)更簡(jiǎn)單些，直接對(duì)編碼進(jìn)行解碼，就能獲取圖片，對(duì)應(yīng)的python代碼為

def base642pic():
    base64str = "/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAA0JCgsKCA0LCgsODg0PEyAVExISEyccHhcgLikxMC4pLSwzOko+MzZGNywtQFdBRkxOUlNSMj5aYVpQYEpRUk//2wBDAQ4ODhMREyYVFSZPNS01T09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0//wAARCAC+AfQDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDf20bafto216pwDNtN20/bRtoJE20baXbTttBQzbRtp+2igBm2l206igBu2k20+l21IyOm7Km20baXKUQqtTL9yjbTqA5g203bTqFaokVGQM/l03zajk3Uz5lqOUvmLUb1aWXdWdv20sb1HKVzGsr7qVapK7LU6y1JRMzqtJvVqrs+6k3M1AD5Jdv3aFu2WomZfutSKqq9AEkr+Ym5qrqu6rSqrPSyJEqbmqoyJIWib71V2ba9DO2z5fu0yOJpH21XMIe0u2jzahnXy32t96qzPUgWJHX+KoWl3VAzbqSmIk+WpFVaiVabuoGWNlPW1VvvVXWbbUjXVICb7PEtP3rH92qP2qomm3UAW5Jm30zzaqebSebTAv8An05biszzaPNpcocxqNcVG09UfNo30cocxo+dR9oqir09WoDmLfnNQr1ArVKvzUAOZqbuqaNYv4qSRFb7tEZBKJVZ6Zuqw0K03ylrSOpEiHc1G1qeq7XqVmWnKQcpFtpGXdUyutMZlpxmiZRkM8qm7KfvWkZ1Wr5ok8shuyipV+Zc0Uc0RcsjQop9No5gGUU6ijmHyiKtO20zeqvtqTev3ajn94rlG0U5lpKvmJ5RKXbRuWnUc1w5SPbTqbuWnUcwcoUu2hac3y0uYfKN20baFahmVfvUAG2jbR96loAayVEy1Ypki/JTAqNTvu/NVV5aczNsqCy4sy0Ldbvu1RWb+9Ufm7ajlK5jUWX+Kh5v7tZ3nbqb5tRyj5jRWWrCsrVlxzU/z6OUOY1FmVU+WopX8xKoea1OaegfMTxMrPtatGJIonRqxPNq0tx8lEgiS6kism6L738VZDPWi0u6qMturPupxFIi3rRvWj7Kzfdkpn2WWgQ/zqPOWo2t5V+9UXlNQBM0qtRuWoGRqPmoDmJ9q0xk/u0kaNJ92pvss9AFfbSbamaGVf8AlnT7Rf3yVRJWZKbtrXnt1b7tVJLdloAp0bqm8pqfFaNJT5QIFenrLUzWTRv/ALNSNZLso5Q5iBZakWenLZU/7FtpcoDVnqRbhqPs60/7OtHIHMQSSs1Pib+Fql8im+UtVyhzEcrLUW+pmt1ak+y7aOUXMRM9MZ6s+Sq0xolp8ocxBuo3VI0S0xl20uUOYev3aKZ81FLlA3WX5KYzNUqt8lH3qoki20xt38NTMu77tQqzfxUFFWR2V6VZqs/Z1b71P+yrU8o+YrR3DVKzM1TLarUv2emBnO0qvVyNfkpZYf4agbzVenEUiTbtqORttTxtu+9TmiVqJAVFl3JQzN/FT5Lf+7TtrMlLlHzDYlb73mUkqMz/ADVJEvz7fLqfbVEFGN/I+992rUTrIm5akaLzKI08tNtAEe/59tSbd1CptfdT9tAFKe1VvmWqM8TLWztqGSFZKQGG26k21ryWO591EtrTKMj5qK1WslZKga03UuUCjupfNqx9iZvu1XktZV/5Z1PKHMPWWnb6qNuWjfS5R8xb30vm1T307fS5Si55u6lVqpq9S+bUgT0bqrebR9ooGXWfdTdrVW+2xR/eqSLULZvvSbP96gCxGqr/AMs6d9nib/lnWfJrEC/LFHvqP+2/+mH/AI9RqHMbVtFFs+WpvKWNNzSfLXOSa3c/8so40qjPd3Nz/r55Ho5ZBzHVrcWMv7vz43ZKike2ifd5kdcnRVcpPMb1zrFtH8sXmStVCTWp2+7HGlZ1Npi5jUg1uWN/38cbr/3zWxbarp8/yrJ5Tf8ATSuT2tRsqhHYSXVt5PmefHtrFvNY3fu7P5F/vVksvz7asRxVMpDLFtq08X+t/erVn+3f+mH/AI9Wa1v/AHagZGWjmA1JdYlb/VRxpSLrVyv3vLesumtVCN9dbg2fNHJuqwup2jfN59cvupu+mB2EdxBJ8yyRvT2auM87bR9rl/hkko5gOy301nVfvfJXJNfag3/LeSq0vnyv+/n3/wC81T7QXKdbPqVjB/rZ46yLnxFB92CCR/8AaasZbVmpGt9v3pKn2g+UuNrt6zZQRqPSiqfkr/z0opcwz1DbUbNUtRNV8whN1NZ6cytTdm6lzDBZad9qam+VTGVlqRlqO6/vR0v2jdVPfUTPQHMaPmq1JuWs/wA1qhkvVi+ZpKANZWWlrCbWol+7HI9C67F/FHJVai0N3dTlVW+9JWTFqCy/dkjepvNajmkGhp7Fp6rFWcsrVl3niIWV49ubYvtx82/GcjPpSbsUkdQiqr7qe3ltXIf8Jav/AD5n/v5/9ageLFH/AC5n/v5/9ap5kVY6xViX/lnSt5DfwVyn/CWr/wA+Z/7+f/WpP+EsX/nzP/fz/wCtS5kFjptq0nlLXN/8Jav/AD5n/v5/9akHixf+fM/9/P8A61XzoXIjpdlDJXOHxYv/AD5n/v5/9ar2mauNT87EPl+Xt/iznOfb2o50LlNPbQ0VR76b5zU+YXKS+RVeSGVqsrLupkjtRzBylH+z5W+992mNp8X8VXGllWkV9z7m+SjmDlMmWyVfu+ZUf2Stidoqqtub/lnRzC5TMkh21C25a1pYvk3NHWPPMv3YqoBJJdtV2makamUCDdTWp22m0AJRS09VXZQBHtpdlWdqqn+rqFn+ep5hiKtNkWn+av8AzzpyurJ8tAEO2lXdTmba/wA1L5u2gBFZqGXd92ms+6mbqBFiOLbSyblqtv20xrvb/wAtKkY/zWX/AJaUxpf9uoWdm/5Z0eU38UlHMANLTNzNT2Vo/lpY0alzAM2N/FRtVamaXcm1fkpmz7m6o5gI9m7/AJ50qo1WFVV+9TGVl+bzKOYBlLtpGl2//FVE138n7qP5qRRMrbaRriL/AJ6VnSRXM/zb9/8AwKmNDcqn+zQBfaWBmzRWQzKrYbzM0UAezM1RM1cvZa3PB+7l/erW5FqVpKnmef8A8BqoyuItbqRmqhLqttH93zHqrJrDf8soP++qsRs/NTWbbXPSaldy/wDLTZ/u1Xklnl+9JI9PlFzHRSX1pH96SOqMutRbP3UG/wD3qyViZqd9nakAT3tzP96T/gK1Xqb7O1O+zstVzAVqNtPZaNtBIxfl+7VyDUrmL73zr/tVW20baCjoLbUraVPmk8pv7rVzmvsn9sT4df4en+6KftrC1PP26TPt/IVE9ioPUsBlPAI/On7TWUCRyKkSaVOjHFZGlzRwaUAmqS3cueQDQbmZumBQO6L+3A5qJ5Uj75qmZZmHLcU0ZPWgLlhrlv4RW34XvjC9zvXKnbn9a5wg1q6E+3z/APgP9auNrkyvY7+BllTdF861KqLXM2l1LA+6KtqLUraT/lpsb+61UTGRo/LSrVGS4ijTc0lZV3qssvywfIv/AI9Ryj5jU1C9tIPvSb5f7q1hS6lPI/yybFqq3zUlXykSkT/b7n/npVqDU22fvfnb/ZrM20tHKLmJ7u7nufvfd/u1WZafuanrtb71Ayttpu2rbRVDJt/hqhEW2kantTNtADactN20baADdSU+m0AJtopaSgkKbTqikfb96gBd1MZ/7tJuaT7tP8pv+A1nKRQzyZZKJYvsyJu+9Uysyp/tVDHC0j7m+9Ucwx8f7xPlqVYlX71Nnl8j70fy1XkvolT/AJaO1TzFFvcv8VU5ZWabb9yJKrtcefMm77tEt9FA/wC6+el8IFuR/k+Wqyyy7/8AWVUk1CWVP7i0xZd1Rzhyl9mlahVlb71Z0srR/MtQ/wBovG/y/wB2lzj5TZZIl+9HVS5u4Ivl8v8A4DWQ93K33nquzs33qOaRXKa0l8qv8scdM/tJl+VazFZm+X+9VxE2/L/DSkPlJ/te7lutFU2RlbH7uipJ5ToVnp63csdUkljl/wBW6U6SX/pn81LmJ5S2uof3vnqxFqSt/wAs6w5Lr5//AGWnx3HmbP4KftJIfKdVBLBJ/wAtKuRov8Nc1bXS79v36vRTS/w1cavcjlNnbTazlu51/wBurMV6rf635KuNTmAtbaaybqFmib7slSqtVzAVpLVWpq29XNtJtp8wiusK0jQ1PIyxpub5KoyataL/AMtN/wDu0vaDJVtK53V4tuoyj6fyFW5dVnabcsmxayr+/wDNu3fGScfyqXUuVFajNhpQlQfaTkcVKtwp4PFLmRdiUKBRihWVhwc0tMAxSYpelGQaQCYFbPh5c/aP+A/1rHrb8Oj/AI+P+A/1qluKWxq0771P27qPu/dqiSu0K1DJDtq8u3+L7tG6L7vmR0cwFHa1Mq95C0rQqv8At1ftCeUo7d1G2rvlLTGh/u0/aC5StSM1PaJlpPKar5ogRMzNSbamZKbsamSRVHtqx5Tf886PKalzAV9tCrRJcQR/8tKZ9rg/v0vaRHyyHstJT1dW/wBumM1T7SIuUbUUjqtJLKqp+9kqJXtG/wCWny0pVYlcoNKzfdojTd8332qOR2+9BHHtp6zKqfNJsqZVB8pJ/vU6Rt3yrJsqtLNEsPmL8/8Au1Ul1NlT5Y/uVnKRXKXPs+193mU9pZ1f5fLrIivp5f8AW/8AAasXLNJD8smz+9USmMbqF8y3XzfJtql9uZX3LTXh3/efY1Pgst3/AC0+WlzIZFPdyt/sUyP5fmar1zZLJs2/I1Oi01dn+sqea4aFKNvv7qkVmVN336fPaywfMvzrVdZv4VSgBWmZU/v1XjiaV/l+VaY7Nv8A7tKjNsqrFk7JH5O3+NarqFL/ADU7ym/hpnzRvSAseUv/AMTT13bNyyU2KVmTb5e+oHOx/loEDOytiio2d2OWbmiqK5TckSKL5YqdJF5Xyt93+FqsblXYq/PUc8zKnltHJtrAzHQMv3Wj+b+9TZUik8mTzNi1JH8yfN/3zUcqsyIyx/8AAaAI5bVo5t3mbKvWjNv21XVv4Zf46mgfy/8A0FaOYDR2/JULNtqWBWZN3l/LVeW1uZE3LHs/2aqMieUa0u1P9ZVu2vWi/wCWny1Qi0+fzv3sfy1PHaNv2y1XMHKTya1d+dtij/76qpJd3Mr+Y0klPSxn2fN/BTf7Nn8nav8ABS5g5SOea5l+9JvqrG21/wDV/wDstaC2Vyv3ail0qSR91IfKRxS7v9VWbd7WuWZehx/Kty0sZ40/fyb2/hVax7q2ljuCknUAZ/KmhpFSlORz2qXyD60m0KeTmncuwqTeWOe9K8+cYqPYH4APWpDbEDDcU0wsCzH608zCoTDt/jpREfXNO7FYnEy4zmtfRNQjt0uN0e4nbj9aw/LYdq0NKti/mk7uMdPxpObQNaGjLq1y3zL8lQrfXLf8tJN1P+ws33Y6VdMbfu+5WfMQI1xLJ/y0kpYG2v8ALU62K/xeZT/JWN/ljo5gJ/t06/K0dMlvblv9VHGn+9Sb5aa3mtR7SQB9ru1R/wCP/gNUJb25lfbL91Kmn89n2+ZsX+LbVSSHzH+b7v8A49Vcwyzvnl/5aSbv96j7W1t8st3IlQqu37v3ah2M33vLo5hF5tTn/hk3r/tU+PUpZPlaTyqztm5KetvFH8zeZR7SQGh/aG3713I/+zVGS7nkf5vMdaZHKsrvGsH3Km3L/wA899HtJDK2xl+7H8tPW33feqdng3+W3+tf+Go5ZYldI2/jqQK8rRL/AKqeNNlRRXTSf8tNi0XLRed5f/fW1atbVjh8z+FKrmEQ3LRRP5ksn36rrfK/zL92qN9cLLN/s1W3NVcvMM2Jbtdm5fkqlJes33ZKpfe+anfKiVXLYos+b5n/AD03VLvb5FWOs5W21Iszf7+6lygXZJWVPLoilVpt38Sf981BHF5ifvfk/wBqtjVXtE0+2h02D91F/rJmX5pXqQM68by/+WdWbaXbD/yzrPZVlfdV6BGVP3Xl/P8Aw0pCkWJJlkh/1ny0SRM2xV+6/wDdqtIzLCn8Df8AoVTxS/Jt8uRGqOUgkj3bH3ferOtpfLd2X5G+7WpHub7vl/7VY12y+cki/I38VOA4j7y3ll2SL937tUpbeSJ9rjbV03kATb+8207+0Iv+ee//AHqvmkWV9m3Yv3Gp32G5n3s1RXNw077tmzbVyC4byUb77UagMs7FpE3M+z+GnPpW102fOv8AFU0cq/e8zY1Wd87bPK/3mqOaROpnNawRnbKh3DrRVuSWFnJlXc3c0Uc0g5pE0d0v3Yvn/wBmrEbeZ8v3GrPsZYJXdVj+ar1tbxK/99v9qol7oi9Fpit8sslRT2rQb1X738O6p4nZUfd91E3fNT47q0kTc3ly0izBZfsz7bn7yfvNtMW4kk+Zo9kS1tSeVK7s0cb1TklX/V+X8qfw7afMEpIs2N8q/L/DVhr1pP8AVVm7Yovmi/75qeVGj/0qD54v+Wn95aQRLFy9zHsZvMdX/u1XtLfzNQSSWOR1/u0/zWX/AFUkm6rcEV8yf6v7/wDep8wbE0DytvVo9mz+KptlMW1aNPmk+anbG/56VHMLmiLtp23alQsqr96SOmM8TfL/ABf3qOYOZEkjxR/ekrnNUl338jDpx/IVrtCrfdrKv7SZ52kRMocYOR6VUZagjPZmxwaIihb97mniCbPypkf7wqWLTLqf/VRDpn74/wAa0TRZAkiLKSgyAakWRrhz5hwB0pPsN0jhWixkZ6irUFjNt3tGAgPJ3j/GndAVpbUqAVcOfbtSRxFO5JNakml3e4mOLKkZyHUj+dMGmXx/5Y/+PL/jRzIly1KOPU1r6AU/f7nx93+tVG0i+IBMWQemHX/GrGnaTPH5nmt5anGOQc9fSlJ6CcjdXbT/AJaox2U8fzLd72/u1eiSXZ+//wDHaz5SeYayq1M2VZji3f8ALOSn/ZJWTd5clPlkHMU9tNZV/iq99llX5vLpjW8v/POr9nInmKmxfu+XSbYv+edTNaSt83l1XktLlv8Alh/5Fp+ymVzCbYm/5Z03ZA33o46d/Z8//PDZ/wBtaiaxnX/ln/5Fp+ykTzD9loqf6ujbabNvkR7ag+wt/wA85P8Av7TWsWb/AJZ/+RaPZSHzFmJbSD/UR/M9O3Wzf8s46z49MuY5vMin2U7+zJP+elP2Ux8xYkSxabzGj+amNFab/mjqJtMbfu/d7qa2lNI6M0n3KPZTFzD/ALPY793l/N/vUjWVpJ/z0T/gVRSaK0k27z9lPbTJVh2rJT9lMCtLoli33ZJEqD+wbbftW7enz6Pc/wAM8lQ/2dex/duno5Jj5hG0GX+GeOoG8P3K/deN6vWlpdq/7+d3Wt2CXy0/1Eb0pc6A4ltPuYH/AHsEj/7tMaKffu8iSvRIJm2f8ekdLHPL8/7iOj2rLOW037MsL/aYJHndy27b/DSzw3NzcpHLHsgi/wBTHGtdbHdbX/ewRor1N9usV/1t3GmyolNsDj5Uggskt4NNkSd/9ZN/s1HaaYrTfLJOn+8tde2q6ev3ruN99MbVrHZ/r46nmkByjaUywzSfflT/AJ6fL8tY8r/Zn3NJHK3+y1dX4l12xbSntraTdO/92uDxWkIt7hylt76d/l37F/2aFt1YbvM/hqvF8jozfdp8syt92PZVFcoCNfu/PU3kxMm7zPmqort96nrKy/7tHLIRYS0kb7vz/wB7bVuOLy0eT+JKWxl8tPm+9ViBvn8v7lZylIUiozyt96P5Xq5Gu2z3eX8v+1VWe7bf5dWvtbNCkf8ACn9aJElZfK2/L0oq5A67D+4k6/3aKnmAZJaSb0ktoPK/vVaW3nj+a58zb/00X+tbtsssUO1pJJVfH8PpU2oSteom2P7n96o5ipSiZcUUU6JHP5nlI+5qorZSyTPHFJs/urt+WtqOFl/2Kljh+fc0HzJ/FU8xHOZGm2jLe7b75Nifwr8rU/ULS2jufMg8zynT5v4trVsyOzQuv+qb/ZrMiiiXfI3mS/3V/wBqnzDM65lgjdNtMjuNz+Ytbls+iRzPJPBIk7p+7+XctW77VdNbT0hWCP50+ZdtWWYNtqsVpDtWPzfn3Va/tpZP+WeyqUlpBsSS2g2Nv/ipJbdpH86eD5n/AIVWlyxFLlJ5dSlZEaKmJLfTom2CTc9QR2/z/wCokT/drSW6a2ttv7zzf/HqCSOOx1SWHcsEf+7u+aiLT9Sl3r5cabPveY1TT61LH/yzkRahudWlb/Y3oKfLEv3Sz9h8t9rSfc+8v8NaWnw6bZI8nl72/vN71zq6qsjpG0cfyfLurU+zzsnlxSbF+9R7sQ5oxLdtpmm3eoeZ/ql/u/w1bnhtI3doINn8K1hxaZKr7vPkdaurZeX8zTyf99VPNEOeJoapaQR6ZbL5ce5MfLu+ZvWuZnt1j85VkjeKVNse771bSxRbE3SUxbK0jfdF97+GjmI5yhbSyxJtn8t2T5a1/wDRP4fvf3WqH7PafOrR/f8Ampdi/wAP+781VGrYUpJjpUg+79yqsllFJ/y3qVol/wCelIsUTbP3lX7byILlnFYxfM0/zVe82x/5+6xvKiZN2/7lH7pdn7z+Cj20gOgje0/5+46nkltFTd58e1K5j5W+ZfMf/dp8TN/zzn/75p+3n2Gbkm1k3RSb1qjJLtqKN7uRP9RJUv2G7lTa0kaf8CraNeb+yLlQ1pVp0a7v+WdTR6T5abrmSN/92pYoVg/1UddEZSe6EUZf3f3o6qSTL/zzrWu18xKyJUrUkiaZf+edRSzMqfuoN7U9k/6Z1A121lc7v3j/APoNZVfdiVHULa6lZ9ssf+z/AHdtbH2JtnmVTbU4mfc0cfz/AHqf/aq7IVXy/nzXBGrNGnIWVsv71PW0iX70lM+3LJCn+r3bKlW4Vn2/u6PbzHygtpF97+GnNbwN8q1G1wsfy07eqvuWl7WYco1re2/74pVt7Zfm8vfTVmikuXVvu0xruKNKn2kw5SwqQLvXy46Vdq/N5EfyUkksTO6rJ9xBVeS6WN0/j+f5qXNIOUsb/wC7H9+mt5TfM0dRecvnIv8Af/2qhW43JtqPeDUmkW2k+Xy/mSqUtjYyJu8uSp1m3I7L/AlO3+Ym1f8Adp+8L3jIudFgk+ZfMqrJoKzpti+RkSt+faqJukqHezIknl1XNIPeMZvDit8tZ7eHJ/ur/wCPV032to3/APHaJLiVk3f+y0/aSDmOZl8PXMabdifcrL/se+V/9RXcLNKuzd5fz/dVqkl+X5vI+Wn7WQc5xMmnMqIqp/31VeW1lWbyf4k+au2kiVvm8v5qwtQsZ571/wCBauNUIyM+zeS0heRvL+dP7u6pbbU1i3/aYPN+T5V+6q1Tkmlj/d/3KpSMzferT4iy8vl3M3meX/8AE1qabpn2m52r/wDY1zyTyx/df7tWrbUbnzvln8rf95qUogdR/aFlbfumZpGH3jL94H0ornEuF+Y4WTJzubqaKjlGd+vzf7FM+Var/am2blqKS6ZU/e/JXLymHLIvNTl3NWfHexSPtWT5qt6NqUtteOzfJE6bW3VcafMHKPXa3zU5lij+78++rmqy6fPp+6D57nf937tZdtZXNy77fLTZ/elVacqUkVykzLHSKsC/N5dZ63ttvmjaf96n8NOnliihSbz4/wC81LkkPkNHeuz5fk2U1XVa5xde3fKv9+mS6s2/y/M/75o9nIOQ6hV/i8uhv+2dc62pS/ZkbzPm/ip66nFJ8s8lHLIOU2pFVn+aSsXVPIn2f6X9xNv3d1P+1wSfMsmyqfm2kjvtk+5VxiOMSrZvtmTdHv8Anrcivpdn/LP5KzZLhV2LF/B/FU9nd2Mu9Z/k305RuVy8xofbWb92se9qe1xL5O5veshdaW2vd1tH8qfxVJLq0VzM7LHsWWlyRDlia8/7izSZbuN9/wDDt+7WbPqbRvtX59n3qoXOtSz2UNr/AAp/FUVpDBIn71/v/e/3afs4hyxOj0+3vtQT7RbQb4H/ANW1dVbaJbLCnmpI7bPmpdDVYNGtoYvuolXvN211wox5TGUisuj6fH8vkb/96nrpliv3bSOpWmprTfxVtGiRzCLZW0f3YI6f9ni/ijjpqzVG1xT9mHMXI9sf3UpkjLVT7VVeW7qvZhzF5nWoGaLfWc101RfaGar5eUOY0pZlX5Vqq09VJJWamK9BJZll3VTkXdUm6jbQUVmWoZ4Vk+9VxlpjJUSjzAUY7SJn+arH2WD5P3dTbKNtZRpRL5pEf2eDZ/q6X7PF/wA86ftop+yiHNIZ9nib/lnTvJi2bVpaKXs4hzSI/s8W/wD1dNa3ib/lnUu6m7qr2UQ5pB5S/P8A7dMaGL/nnTt1N3UeyiTzSE8mPfu2U37LB/cp+6jdR7KPYOaQkdrBH8qx0LbxKm1fk/4FT91N3Ueyj2HzSGSWsTJtaST/AL6pscKxw+Wskm3/AHqk3UbqPZQ7C5pEElosj7mkk+/TJLT5/lnkq1uqNmo9hDsHMyqyTx/8tN+ymyXtzGm3zPuVbb5qqTpU/VoBzsrS6xc76rSatds77fL21JJD89ItvU/Volc5hy288jvJ/fqtLFLsRWSuma3qnLbrT9lyjjUMDY39yk2NW01rTPsq0ezK5zI20VsfZFoo9kHtBkmpy7PLik+/96ntfSy221pN9ZCru+VamVdqba5eWJZox3CyvtifYy/NQzyrM/7yoIImVPlonfy0+Wj0AVdQnV9sslXtN1ue0uf9RBLv+X95WM37z5mrT0OFZ9QSNvu1QGxL4clu7JL20kj813O6P/Ci08G30v8Ax8z+UtdZaRNFCi/cq1u211xpRMOaRhReCtPi+aWSR/8AdqZvDWmsiNBHsrRllZqsQfcrSNOBEpSMv/hF7FkRW+7v+aoZPCWnyO+7zE/u7a299MkZqPZR7C5pHO/8Ilp8f/LSSp4PCunqm5o97VrqlL82yl7OHYrmkczqHhyVfmsfnX+7WLPp93Ej+bBIlehRNtonXcnzR1EsNGQe0lE8ya1ZU8xo6ZEjTzeX9yvR1tYpPlaP5agufD9pP8yx7G/2aiWFKjVPPWhaOby609LsZ/7QSOWP9077a228KfPuWetnS9Pa0+aWTf8AJURw0ubUv2sTWj2wIka/dSop7jalV57jbVOSVpK7eXlOf4ixJe0Nd/JWczM1NZmqgND7X8lRNdVU+aj5qnmDlLDXFMaVmpirUipS5iuUYrU5VqRUp2ylzDIdtPVaeyVYii3JS5gK6pT1WrHlVFJ+7pFDGWmbaaz0nm0Ekmyk2U1p6j8+qAmZKa0VQ/aKd9ooAkWKnNDUUU3z1a+0LQBVaJqhZGq20y1D5qs9ADPKaoWWtJtuyqcq0ySvupy03bU0dADNtDVY+WmMtHKPmK9FS7akWKkIgamVa8qj7PTAp1DLWk1vVO5i20wKG2lVKtrbs1PjtWpgUWSq0iVsSWjbKoSQsr0gKLJSeVVqSJlpPKakBW2UVP5TUVQHJxs1SfMvzVvz6fb7BsQJ5fXaPvVSaJ4VxlWXf6V5XNc65FBZm/4DUcm5fl/hrTvbOCG4jABIPXNOksrT7Oh/e5quUXMUrG1kvrxLeL+Oux0PQvsjvuk+WsrSNPld99vP5HuASa6m2tXXZ59y7f7oFb04ozqSZr/Kvy01qZlvWjLetdsYo5+Zj9q05flqLLetGW9aqMUTKTJKKhyfWjJ9afKBOtDMtQZPrTst60uVD5mSUVHlvWjLetIB/wB2jdTMt603J9aBE++mM9Q5b1pjE+tAEc/zPUarTmJ9aRSfWpkWIqUxk3PVqMD0p3lp6VnKTK5SusVHlVawPSpfLTZ0qeYsppFU8cW6pY409KkTj7tTzDIfJp/lVPHT2Rdj0cwGayfPWnbRKsNUm+/UsTPs60CLEsW35qw7uXc/y1s3kx8mPgcpzWHJ9xvfrVRFIiZqRqfQv36Yhm1qGiqZP/Z6WSgCtsoValpyRZTljQBF92ms9SSxY6MahZFqgEZ6ZvpWA9KGA9KAJftXybahabdTcD0pVi/2jTATdTt7VIioOgpWA87pSAZvan7moUDf0qWWNA/Ao5iRq1MtIoHpUi0FD1WpVXbRHUjfcoAhaq7J5j1MxPrUa04ki7dtItIxPrTo6uQg+9UMsKtVPXNWOlRBli8x/XOP6Vy934j1SVceZHEP+ma4rKU+XoXGJ1Nz9mj+WWSNP96pI4YmTcvzq/8AFXETwtcAXAkYZ6qScUthrd9bRFIJMoOocA4+lRGs+qK9n5nbfZVorFhv0aJWmkufMIy21hjNFL6zHsRy+Z//2Q=="
    with open('bigImage.jpg','wb') as f:
        f.write(base64.b64decode(base64str))

代碼將解碼后的文本寫(xiě)入'bigImage.jpg'，執(zhí)行成功會(huì)生成該文件，打開(kāi)即為滑塊的背景圖

解密圖片的base64編碼獲取圖片

圖片獲取之后，只需要計(jì)算下缺口的位置就可以了，將計(jì)算出來(lái)的位置值賦值給value進(jìn)行請(qǐng)求即可。這里并不打算講圖片缺口位置的計(jì)算，網(wǎng)上有很多方法，可以參考下，我們的重點(diǎn)是調(diào)試和分析該滑塊驗(yàn)證碼的破解。

6. 總結(jié)

通過(guò)上述分析，該網(wǎng)站驗(yàn)證碼的破解過(guò)程大致為：

1. 使用md5加密字符串 "testtest"+timeStamp(當(dāng)前時(shí)間戳)，獲取authKey
2. post方式請(qǐng)求鏈接https://hlwicpfwc.miit.gov.cn/icpproject_query/api/auth，參數(shù)為 {"authKey" : authKey，"timeStamp": timeStamp}, 從結(jié)果中提取鍵 bussiness 的值，作為token，該token用以后續(xù)請(qǐng)求的請(qǐng)求頭中
3. post請(qǐng)求https://hlwicpfwc.miit.gov.cn/icpproject_query/api/image/getCheckImage ，獲取驗(yàn)證碼配置信息，請(qǐng)求頭中需添加token
4. 從第3步的配置信息中，拿到驗(yàn)證碼的uuid，以及對(duì)應(yīng)的驗(yàn)證碼圖片并計(jì)算缺口位置，作為value的值
5. post請(qǐng)求https://hlwicpfwc.miit.gov.cn/icpproject_query/api/image/checkImage，用以驗(yàn)證滑動(dòng)結(jié)果，參數(shù){"key": uuid，"value": 缺口位置}，這兩個(gè)參數(shù)值在第4步已獲取。驗(yàn)證成功后，返回結(jié)果的取出鍵”params“的值，作為第6步請(qǐng)求頭中的sign值，請(qǐng)求頭中需添加token
6. post請(qǐng)求https://hlwicpfwc.miit.gov.cn/icpproject_query/api/icpAbbreviateInfo/queryByCondition ，用于獲取域名的icp備案信息，參數(shù) {"pageNum":"","pageSize":"","unitName":"baidu.com"}，該請(qǐng)求頭中除了token之外，還需要添加第5步拿到的sign值，以及第3步拿到的uuid

至此，完成了數(shù)據(jù)的獲取，根據(jù)自己的需求，解析并保存即可。